> Is there a switch (php side or pg side) to avoid things like:
>
> pg_query("select id from table1 where a=$i");
>
> into becoming
>
> pg_query("select id from table1 where a=1 and 1=1; do something
> nasty; -- ");

Ideally, you'd use this:

    pg_query_params('select id from table1 where a=$1', array($i));

http://us2.php.net/manual/en/function.pg-query-params.php

Alternately, you can do this:

    $i = pg_escape_string($i);
    pg_query("select id from table1 where a='$i'");
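The two approaches from the reply side by side, as an added example (not the original poster's code). It assumes a hypothetical connection string in $dsn and that table1.a is an integer column; the attacker-style input is constructed from the payload quoted above.

```php
<?php
// Added example, not from the original post. Assumed: a PostgreSQL DSN in $dsn
// and a table "table1" with an integer column "a" (both hypothetical).
$dsn = 'host=localhost dbname=test user=test';   // assumed, adjust to taste

// Constructed input of the kind quoted in the thread.
$i = "1 and 1=1; do something nasty; --";

// 1. String interpolation: the input becomes part of the SQL text itself.
$unsafe_sql = "select id from table1 where a=$i";
echo "interpolated query: $unsafe_sql\n";   // the injected tail is now SQL

// 2. Parameterised query: the value is sent separately from the SQL text,
//    so the server only ever treats it as data for $1.
function lookup_id($conn, $a) {
    $res = pg_query_params($conn, 'select id from table1 where a=$1', array($a));
    if ($res === false) {
        // With an integer column the payload above is rejected by the server
        // ("invalid input syntax for type integer"); nothing else is executed.
        return null;
    }
    return pg_fetch_all_columns($res, 0);
}

// 3. Escaping fallback: only safe when the escaped value sits inside quotes.
//    pg_escape_literal() returns the value already quoted (PHP >= 5.4.4);
//    with pg_escape_string() you must add the quotes yourself, as the reply does.
function lookup_id_escaped($conn, $a) {
    $lit = pg_escape_literal($conn, $a);
    $res = pg_query($conn, "select id from table1 where a=$lit");
    return $res === false ? null : pg_fetch_all_columns($res, 0);
}

$conn = @pg_connect($dsn);
if ($conn) {
    var_dump(lookup_id($conn, $i));           // null: payload is not a valid integer
    var_dump(lookup_id_escaped($conn, $i));   // same outcome, value stays a literal
    pg_close($conn);
} else {
    echo "no database connection; only the interpolation demo ran\n";
}
```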